CHKS Limited processes patient data to help healthcare organisations achieve sustainable improvements in their performance. This notice explains more about how we use your personal information as a data controller. Specifically it describes what we do with pseudonymised Hospital Episodes Statistics (HES) supplied under licence and disseminated directly to us by NHS England. Our privacy page provides links to additional privacy notices.
We cannot identify you in the HES data that we hold but it is produced by NHS England using data about NHS patients.
What information we hold about you
Our tools and services use HES to help healthcare customers improve their services. NHS England describe HES as ‘a curated data product containing details about admissions, outpatient appointments and historical accident and emergency attendances at NHS hospitals in England.’ A detailed explanation of HES can be found here. You can manage your NHS personal data choices here.
We hold a pseudonymised version of HES data. It does not include your NHS number. We cannot identify individual patients from the pseudonymised HES data that we hold.
How we use your information
We present informatics, insights and analysis to healthcare customers using our tools and services. These are described on our website. Customers use our services for a number of purposes including to:
Understand patient outcomes by identify improvement opportunities and support change initiatives aimed at improving patient outcomes
Assess and manage clinical quality and patient safety within NHS Organisations
Understand and investigate reasons for variation in performance
Identify improvements and opportunities in operational efficiency and monitor the impact of implemented changes
Mortality Profiling - helping to identify risks and opportunities and make improvements in safety and care quality
Service planning - help NHS organisations to monitor, analyse and understand their activity and develop services
Identify and understand market activity
Identify pathways where there is potential for improvement
Identify areas of best practice either within the Provider Trust or local/national health economies
Better understand how NHS organisations compare to other Provider Trusts with similar case mixes
We also use the data to publish articles and reports to broaden public understanding.
We link HES data with the Emergency Care Data Set (ECDS) that we receive under the same agreement with NHS England. This provides NHS customers with a more complete view of care to identify areas for improvement.
HES data is provided to us by NHS England under licence and under sections 261(1) and 261(2)(b)ii) of the Health and Social Care Act 2012.
Under the UK General Data Protection Regulation (UK GDPR) we must identify specific legal bases for collecting and using your data.
We process HES data under the following legal bases:
It is necessary for the purpose of our legitimate interests and those of our NHS customers. Our legitimate interest is in being able to provide tools and services that will benefit healthcare organisations. We have a legitimate interest in being able to offer a commercial service that is based on a trusted dataset. It is also in the interests of the NHS, patients and the public as a whole, because it brings benefits and improvements to health and social care. Without the processing of this data we would not be able to deliver these benefits. This would be to the detriment of healthcare professionals and patients.
It is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. It is proportionate to the aim pursued, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
We only process these datasets under the terms of our data sharing agreement with NHS England. The processing is subject to additional safeguards, in particular the technical and organisational measures that fall under the scope of our independently and externally audited information security management system.
Information we share with other organisations
Our NHS customers can access a secure portal to see HES data relating to their service. This is at record level, but is not used for the re-identification of patients. It does not include identifiers such as NHS number. NHS customers can also see aggregated data relating to other organisations (their peers).
Our NHS customers can also use our bespoke services to receive reports, analysis and visualisations. We also use the data to publish reports and articles that aim to increase the public understanding of health and social care. We may also work with private companies to provide them with reports and analysis. Any information shared in this way will be at a high level so that individuals cannot be identified.
Information only processed in the UK
The patient data we receive from NHS England is processed within our data centre, which is located wholly within the UK.
How long we keep your information
Our licence with NHS England provides us with data covering the last 5 years. We keep the data only for as long as permitted by our agreement with NHS England.
Your rights
| Informed | ✓ | This notice and the one published by NHS England are to inform you about how we use your data when processing HES. |
| Access | ✓ | We cannot identify you from the HES data we hold. Please contact NHS England for more information on how you can access data relating to you. |
| Objection | ✗ | Not applicable |
| Portability | ✗ | Not applicable |
| Correction or change | ✓ | If any of the information we hold about you is incorrect or incomplete then this should be corrected through your healthcare provider or via NHS England. |
| Erasure | ✗ | Not applicable |
| Restriction | ✓ | You can request that the use of your personal information is limited to storage only. We cannot identify you from the HES data we hold. Please contact NHS England for more information on how to restrict your data. |
| Informed or automated decision making | ✗ | We do not use the data to produce decisions made solely by computers rather than people. |
| Withdraw consent | ✗ | The data is not processed on the basis of consent |
Find out more about your personal data rights at the Information Commissioner’s Office (ICO) website.
Data Protection Officer
Our Data Protection Officer can be contacted by email on [email protected].
How to complain
If you feel that we have let you down in relation to your information rights then please contact our Data Protection Officer using the details above. You can also make complaints directly to the Information Commissioner’s Office (ICO). The ICO is the independent authority upholding information rights for the UK. Their website is ico.org.uk and their telephone helpline number is 0303 123 1113.
